VeraCrypt Is Too Slow And Complex

Now that more TrueCrypt weaknesses have been revealed, the open-source solution taking its place appears to be VeraCrypt. Yet its extra-secure encryption of the system partition adds so many rounds that booting is slowed, and the extra PIM concept adds an extra step to every startup. This situation makes it even less suited to non-technical users than TrueCrypt before it.

Steve Gibson may be ready to recommend VeraCrypt, but I don’t think it’s ready for the masses; up to version 1.15 anyway. When I clocked my boot time with system encryption, it took an extra 85 seconds. Talking non-technical friends and family through even basic use of TrueCrypt volumes was challenging enough. VeraCrypt’s additional Personal Iteration Multiplier certainly adds more security. Still, the extra step and the forgettable-yet-necessary element only make it less novice-friendly.

Having now tried the built-in encryption features of Windows, OS X, and Ubuntu Linux, I find the VeraCrypt software does still offer a nice cross-platform solution. The VeraCrypt UI is also easier than Linux, though it has a way to go before being as easy as Windows and OS X. With a little UX love and simpler defaults, VeraCrypt has the potential to offer a compelling alternative for regular folks.

That is just crap. That is just utter and utter crap. If someone says 5 is more than 4, and you go and say that 5 is not more than 4, you are saying crap. Then you insult people to prove your point, as so many people in Linux do (The user is stupid, that’s why my program doesn’t work as well). It is pretty clear the PIM is annoying: with computers we try to automate as many steps away as we can, and having to repeat steps over and over becomes tiresome. Without a low PIM, the iteration count is extremely high, causing the long boot delay. With a low PIM, as Paul says, a hacker (or attacker, or adversary, as they are called) merely needs to test at most 10 different iteration counts which means the “multiplication factor” at that point is only an average of 5. If you design a software that takes 85 seconds to boot you are just full of crap and you don’t listen to your users at all, or, like you are doing here, you call them stupid and then say you don’t need to listen to them because they are stupid and shouldn’t use computers anyway.

And open-source and cross-platform VC is definitely not as good as you’re going to get. Even a single person patching this thing by lowering the iteration count (and possibly introducing a different hashing algorithm, but that aside) and being willing to distribute and maintain this patch, will have created something better and it won’t (or wouldn’t) take more than a minute of programming, in that sense. Of course, without that, you will be creating volumes that are not compatible with regular VeraCrypt because the iteration counts will be off and they are hardcoded mostly. VeraCrypt is not user-friendly and TrueCrypt always was very user-friendly. The VeraCrypt authors would never have been able to create something the quality of TrueCrypt, they just don’t have the mindset for that. They take an existing project and then make it worse, and that is mostly all they do. And then you call that “as good as you’re going to get”. Well, if that is the best the regular open source community can do (ruin things) then that doesn’t bode well for open source, my friend (or nemesis). This TrueCrypt software was so perfectly excellent and the number of changes VeraCrypt has done to it is absolutely minimal and yet they have managed to ruin its user-friendliness already. It boggles the mind how people can be so detrimental to common sanity. It boggles the mind what happens when arrogance is allowed to take over, and answering for your “crimes” is no longer necessary (because it is “open source”, and “we control things now”). It boggles the mind how quickly people can depart common sense when there is no pay involved and listening to users is no longer required. Or when it is not a personal project to create something great, but something to flaunt the open source community with: take a project that is someone else’s and call it your own and then claim you’re better than that person. The people at TCnext are equally disproportionately arrogant.
The author of TrueCrypt did all that work but /they/ will help organize a future, but the first thing they do is ask for /support/, is that the sign of someone who is in charge of what he’s doing? No. It is the sign of a weakling who only wants free work and financial aid. They don’t display any sense of work they’ve done first, no they ask for help first. That’s not a project. That’s a charity. That’s a charity begging for funds.

I like the PIM. Before VC was very slow to start. Now I use a fairly long yet simple password, then an easy single digit PIM, and it boots right up. As far as non-tech people using it. Non-tech people don’t know about hard drive encryption, so it’s a non-issue.

A simpler PIM is a reasonable workaround, though it mitigates most of the benefit at a high cost to potential users. Since I’m responsible for helping these non-techies secure their computers it is very much an issue for them and myself.

I believe the simplest patch to VeraCrypt that will make it easy to use again would be to hard-code a specific PIM into the application which will fix the iteration count at a certain default. At that point to use your volumes with Regular VeraCrypt you would have to manually insert that fixed PIM you’ve used. Suppose the PIM is 20, you would have to calculate the number of iterations (you don’t need to, but you could) and see if it suffices. Pick a PIM that takes away the boot delay, that makes it hard to notice the boot delay. Then fix your PIM at that (the iteration count is just a multiple of that). Make it a round number, i.e. 32, or 64, or 128. Or even 16. Now your volumes will be VeraCrypt compatible (but not TrueCrypt, I think) (But I don’t know the detail of the header format) (and whether it’s flexible or not) but will not incur the longer delays and lack of usability.
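
The PIM arithmetic argued over in the comments above, worked through as an added example (not part of the original post or comments, and not VeraCrypt's code). The formulas, default counts and the 20-character rule are taken from VeraCrypt's PIM documentation rather than from this page; the function names are hypothetical, and the SHA-256 timing measures this machine, not the much slower pre-boot loader.

```python
import hashlib
import time

# Values from VeraCrypt's PIM documentation (assumption: not stated on this page).
MIN_PIM_SHORT_PW = {True: 98, False: 485}        # keyed by system: bool
DEFAULT_ITERS = {True: 200_000, False: 500_000}  # SHA-256 system / SHA-512 container

def iterations(pim: int, system: bool) -> int:
    """PBKDF2 iteration count derived from a PIM value."""
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    return pim * 2048 if system else 15_000 + pim * 1000

def pim_allowed(pim: int, password_len: int, system: bool) -> bool:
    """A PIM below the minimum is accepted only with a password of 20+ characters."""
    return password_len >= 20 or pim >= MIN_PIM_SHORT_PW[system]

def cost_of_unknown_pim(max_pim: int, system: bool) -> int:
    """Iterations needed to test ONE password against every PIM in 1..max_pim."""
    return sum(iterations(p, system) for p in range(1, max_pim + 1))

def estimate_seconds(iters: int, sample: int = 20_000) -> float:
    """Extrapolate unlock time on this machine from a short PBKDF2 run."""
    start = time.perf_counter()
    # Constructed password and salt; SHA-256 stands in for the volume's hash.
    hashlib.pbkdf2_hmac("sha256", b"constructed-password", b"\x00" * 64, sample)
    return (time.perf_counter() - start) * iters / sample

if __name__ == "__main__":
    for pim in (9, 20, 98):
        n = iterations(pim, system=True)
        print(f"PIM {pim:>3}: {n:>7} iterations, "
              f"{n / DEFAULT_ITERS[True]:.0%} of default, "
              f"~{estimate_seconds(n):.2f}s here, "
              f"ok with 12-char password: {pim_allowed(pim, 12, True)}")
    print("all single-digit PIMs, one password:", cost_of_unknown_pim(9, True))
```

Testing one password against every single-digit system PIM costs fewer iterations than a single guess at the default count, so with a low PIM the password length has to carry the security.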

I am creating a volume that is 2TB. When it started, the speed was about 30 MB/s and the estimate to completion was 16 hours. That was about 30 hours ago. Now the speed is 9 MB/s and the estimate to completion is 26 hours. My machine is running macOS Sierra with an Intel i7 6700K and 4.01GHz processor and 16GB memory. At the rate the speed is decreasing and the estimated completion time is increasing, I do not believe it will ever finish.

Years ago, I created a similar 2TB volume with TrueCrypt and it completed successfully in less than 24 hours.

I use Mac, Linux and Windows, and so TrueCrypt and VeraCrypt are really ideal for me. But they are useless if they cannot handle large volumes and are slow.

Please consider allowing users to select less secure but faster options so it can create and process larger volumes in a reasonable time.